Los Angeles Unified confirms student data stolen in Snowflake account hack



The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching its Snowflake account.

Snowflake is a cloud database platform used by some of the largest companies worldwide to store their data.

Earlier this month, a threat actor began to sell data from numerous companies, including TicketMaster, Santander Bank, Advance Auto Parts, and Pure Storage, with the hacker stating it was stolen from Snowflake.

A joint investigation by Snowflake, Mandiant, and CrowdStrike revealed that a threat actor, tracked as UNC5537, used stolen customer credentials to target at least 165 organizations that had not configured multi-factor authentication protection on their accounts.

Once they accessed the accounts, they downloaded all the data and attempted to extort the company in exchange for not selling or leaking the data to other cybercriminals.

LAUSD data sold on a hacker forum

On June 18, the threat actor known as ‘Sp1d3r’, who is selling data from earlier Snowflake attacks, also began selling the data of Los Angeles Unified for $150,000, claiming they stole it from Snowflake.

LAUSD Snowflake data for sale on a hacking forum
Source: BleepingComputer

The threat actor states this data contains student names, addresses, family names, demographics, financials, grades, performance scoring, disability information, discipline details, and parent information.

After reviewing a sample of the data, LAUSD confirmed to BleepingComputer that the data was stolen from its Snowflake account.

“As previously stated, on June 6, 2024, Los Angeles Unified became aware of an account from a malicious actor purporting to offer certain student and employee data for sale,” a Los Angeles Unified spokesperson told BleepingComputer.

“Through its extensive and ongoing investigation, the District has determined that the data in question was maintained by a number of Los Angeles Unified external vendors on Snowflake, a cloud-based platform used for mass data storage, and appears to have been stolen in a manner consistent with recently publicized thefts involving numerous Snowflake accounts.”

“Thus far, the District’s ongoing investigation has revealed no evidence of any compromise to our systems or networks; however, the investigation into the scope and extent of the data impacted is ongoing.”

Los Angeles Unified says it is working with the FBI, CISA, and its vendors to investigate the incident further.

More than one threat actor apparently gained access to Los Angeles Unified’s data, as a different threat actor named ‘Satanic’ began selling the district’s data almost two weeks earlier, on June 6, for $1,000.

However, this data appears to be different from the data stolen from Snowflake, with the threat actor claiming it contains 26 million records with current and former student information, more than 24,000 teacher records, and around 500 containing staff information.

Alleged LAUSD stolen data for sale online
Source: BleepingComputer

This threat actor has now released it for free, allowing any cybercriminal to download and use it in their own attacks.

However, it’s unclear where this data originated from, as it doesn’t appear to have come from Snowflake.

BleepingComputer contacted LAUSD last night to confirm the origins of the data leaked by ‘Satanic’ but did not receive a response.

At this point, with the vast amount of data from LAUSD now shared on hacking forums, all of its students, teachers, and staff members should consider their data exposed.

As it isn’t uncommon for other threat actors to use leaked data in their campaigns, it’s essential to stay vigilant against unsolicited emails, texts, and phone calls attempting to steal additional data, such as passwords.